180 likes | 196 Views
This brief outlines the benefits and implementation of the NC3VC program for non-CAC eligible vendors and contractors accessing US Navy installations, supporting compliance with various security and access control standards. The program aids in managing access privileges for non-CAC entities, improving safety and ensuring compliance with identity management policies. The text emphasizes the benefits to the US Navy, vendor/contractor companies, and employees, highlighting how NC3VC streamlines credential management, reduces wait times, and enhances security across multiple government installations. Utilizing the RAPIDGate program, the NC3VC initiative offers comprehensive vetting, credentialing, and access control capabilities to ensure secure access to military installations.
E N D
Brief to The American Logistics AssociationonCommander, Navy Installations Command NC3VC Non-CAC Credentialing forVendors and Contractors Abrar Ahmed Executive Vice President Greg Hendricks Vice President Government Affairs Group
Why NC3VC? “CNIC NC3VC for Identity Management and Perimeter Installation Access Control Designed to Manage Non-CAC Eligible Vendors, Contractors, Sub-contractors, Suppliers, and Service Providers.” • CNIC NC3VC supports US Navy efforts to comply with: • HSPD 12 Policy for a Common Identification Standard for Federal Employees and Contractors • Public Law 110-181 (FY 2008) SEC 1069 Standards for Entry to Military Installations in (the) United States • USNORTHCOM Installation Access Control Guidance in the AOR, dtd 05 DEC 2007 • Federal Information Processing Standards Publication (FIPS) 201-1 Personal Identity Verification (PIV) of Federal Employees and Contractors, dtd MAR 2006 • DoD Instruction (DoDI) 2000.16 DoD Anti-Terrorism Standards , dtd 02 OCT 2006 • DoDI 5200.08-R Physical Security Program, dtd APR 2007 • Directive Type Memorandum (DTM) 09-012 Interim Policy Guidance for DoD Physical Access, dtd 08 DEC 2009 • OPNAV Instruction 5530.14 Navy Physical Security and Law Enforcement Program, dtd 28 JAN 2009 • OPNAV Instruction 1752.3 Policy for Sex Offender Tracking, Assignment and Access Restrictions with the Navy, dtd 27 May 2009 • MEMORANDUM FOR COMMANDANT OF THE MARINE CORPS CHIEF OF NAVAL OPERATIONS
NC3VC Benefits • Benefits to the US Navy • Standardized enrollment, vetting, credentials and management of access privileges for vendors, contractors, sub-contractors, suppliers and service providers not eligible for a Common Access Card (CAC) who are accessing US Navy installations • Improve the safety and security of CNIC installations and other Commands through: • Regular and improved vetting • Electronic validation of credentials & verification of installation specific access privileges in “near real time” • Reduction in the number and types of credentials used for installation access • Management of non-CAC eligible vendors/contractors by a single enterprise system • Supports the on-going US Navy effort to meet new and evolving identity management and installation access control statutory and policy requirements
NC3VC Benefits - continued • Benefits to vendor/contractor companies & employees • One system which manages non-CAC eligible vendors, contractors, sub-contractors, suppliers and service providers across the US Navy shore installation enterprise and other US Army, US Marine Corps, US Coast Guard and NASA installations • Annual access privileges • Access multiple US Navy, other DoD and Government installations with one credential • Reduction in wait times to access installations • Pass & ID for credentials/passes • Access to multiple gates • DoD vehicle decals no longer required • Mandatory commercial vehicle inspections no longer required • “NEXCOM will comply with non-CAC eligible contractor credentialing, CAC eligibility and issuance, meeting the requisites provided by DOD, SECNAV, OPNAV and CNIC Notice 5530 and NC3VC guidance.”
Population NC3VC Manages • Participants • Vendors • Contractors • Sub-contractors • Suppliers • Service Providers • Regardless of how personnel come onto the installation • Walk • Cars • Pick-ups • Vans • Trucks/Semi-trucks
RAPIDGate Program Capabilities • RAPIDGate successfully completed a 3 year pilot program in Navy Region Southwest. Based on that success, RAPIDGate is being implemented across the CNIC Enterprise to support NCV3C. • Electronically Verify & Biometrically Authenticate • Self-Registration • Vetting – comprehensive initial background screening and regular re-screening • Credentialing – manufacturing, shipping, issuance and lifecycle management • Access Control– Electronically verify, validate & biometrically authenticate in “near real-time” credentials, access privileges & identities • Access Privileges – Authoritative data repository (ADR) local ECP servers updated every 30 minutes • Reporting – Monthly activity and ad hoc reports
RAPIDGate Program Vetting • Initial Vetting • Identity Validation • 10 Year Address History • Electronic Database Vetting • SSN Trace • Program Disqualifiers • Any Felony Conviction • Registered Sexual Offender • Any Outstanding Criminal Warrant • Credential Issuance • I-9 Document Check at Issuance • No-entry, Debarment, No Work Lists • Issued by Government personnel • Ongoing • Watchdog Electronic Re-vetting Every 92 days
RAPIDGate ProgramSample Disqualification Summary • Actual Disqualification Examples • (All Convictions are Felonies): • Registered Sex Offender • Invalid Social Security Number • Auto Theft • Burglary/Robbery • Counterfeit Access Cards • Embezzlement/Extortion/Forgery/Fraud • Assault with a Deadly Weapon • Assault on a Peace Officer • Attempted Murder • Cruelty to a Child • Outstanding Warrants • Escape By State Prison Inmate • Drug Violations (Meth, Cocaine, Heroin) • Permit Minors to Consume Alcohol • Bringing in Illegal Aliens • Firearm Violations • Conspiracy to Commit Offenses Against the US • Kidnapping • Malicious Destruction of Property • Stalking • Vandalism • Preventing Witness From Testifying • DUI and Gross Vehicular Manslaughter • Fleeing and Eluding Authority/ Court 2% Warrants 11% Violence 11% Drugs 32% Misc 5% Theft 25% Motor Vehicle 7% Sex Offenses 4% SSN 3% RAPIDGate Program Life-to-Date VettingHas Experienced a 4.13% Disqualification Rate
RAPIDGate ProgramHardware & Credential REGISTRATION STATION HANDHELD DEVICE GUARD STATION • Mag stripe reader • 2D barcode reader • Fingerprint scanner • Color display • Easy to read • Battery status • 802.11G wireless connectivity to the guard station • Multi-Language • Digital Camera • Fingerprint Scanner • ADA Compliant • UPS • Locked enclosure CREDENTIAL HANDHELD CHARGERS AND CRADLES • Battery indicator light • Easy to use • Spare Batteries • Credential uses FIPS 201-1 • GSA approved product • List cardstock and follows NIST SP800-104 topography recommendations
RAPIDGate Program Options • Enterprise Option • One credential • Same installation access process • Access privileges for multiple installations as approved by Installation Commanding Officers • 90 Day Option • Access for up to 90 days • Same registration, background screen and credential • Designed for: • Seasonal companies & employees • Short duration contracts & contract extensions • Probationary employees and high turn-over workforces
NC3VC Shared Responsibilities • Eid Passport Inc. • Supports NCV3C with the RAPIDGate Program • Owns, updates and maintains hardware and software • Trains force protection personnel and other key Government employees • Manages vendor/contractor companies and their employees for the US Navy • Vendor/Contractor Company • Annual subscription to participate in the program • Government • Provides electricity, phone connectivity, space, credential issuance and program support • Support implementation and ongoing management of the program
CNIC Transition to NC3VC and the RAPIDGate Program • Implementation Status • CNRSW - Implementation completed • CNIC Pilot Project • 11 CNRSW installations • NDW - Implementation completed • NAS Patuxent River and NSF Indian Head/Dahlgren only • CNRSE - Implementation in progress • 14 installations • CNRNW - Implementation in progress • 5 installations • NDW - Implementation to follow (OCT 2010) • CNRH - Implementation to follow (NOV 2010) • CNRMW - Implementation to follow (DEC 2010) • CNRMA - Implementation to follow (JAN 2011) • CJRM - Implementation to follow (JUN 2011)
FAQ’s • Q1. What is the implementation completion date? A1: -Enrollment, vetting and credentialing component starts JUN 2010 and ends JUL 2011 -ECP enforcement component starts NOV 2010 and OCT 2011 • Q2. Who pays for the cost of vendor/contractor enrollment? A2: -The vendor/contractor employer • Q3. What other vendor/contractor credentials will CNIC recognize for installation access? A3: -CAC, for those vendors/contractors who are eligible per CNIC Notice 5530 and NC3VC SOP -One day passes for those not participating in NC3VC - Vendor/contractor credentials previously issued by installations/ tenant commands • Valid for no more than one year from implementation of NC3VC
FAQ’s-continued Q4. Has an IATO or ATO been issued for NC3VC? A4: -An IATO has been granted with an ATO to follow within 180 days. Although the IATO allows NC3VC to operate on NMCI and PSNET, the system does not do so at this time Q5. Is NC3VC intended for perimeter access control or will an enclave capability follow? A5: -NC3VC is being implemented initially as a perimeter access control solution -An enclave capability is expected to follow with initial consideration for the Naval Shipyards at Puget Sound, Norfolk, Portsmouth, and Pearl Harbor; and at NB San Diego Ship Repair Facility, SB Kings Bay and NB Kitsap – Bangor